def FUN_add_user():
if session.get("current_user",
None) == "ADMIN": # only Admin should be able to add user.
# before we add the user, we need to ensure this is doesn't exsit in database. We also need to ensure the id is valid.
if request.form.get('id').upper() in list_users():
user_list = list_users()
all_fields = user_db_all_fields()
user_table = zip(range(1, len(user_list)+1),\
user_list,\
[x + y for x,y in zip(["/delete_user/"] * len(user_list), user_list)], all_fields[2])
return (render_template("admin.html",
id_to_add_is_duplicated=True,
users=user_table))
if " " in request.form.get('id') or "'" in request.form.get(
'id') or not request.form.get(
'id'
): # 3rd condition I have added..for not adding empty string
user_list = list_users()
all_fields = user_db_all_fields()
user_table = zip(range(1, len(user_list)+1),\
user_list,\
[x + y for x,y in zip(["/delete_user/"] * len(user_list), user_list)], all_fields[2])
return (render_template("admin.html",
id_to_add_is_invalid=True,
users=user_table))
else:
add_user(request.form.get('id'), request.form.get('pw'))
return (redirect(url_for("FUN_admin")))
else:
return abort(401)
def FUN_add_user():
if session.get("current_user",
None) == "ADMIN": # only Admin should be able to add user.
# before we add the user, we need to ensure this is doesn't exsit in database. We also need to ensure the id
# is valid.
if request.form.get('id').upper() in database.list_users():
user_list = database.list_users()
user_table = zip(range(1,
len(user_list) + 1), user_list,
[
x + y
for x, y in zip(["/delete_user/"] *
len(user_list), user_list)
])
return render_template("admin.html",
id_to_add_is_duplicated=True,
users=user_table)
if " " in request.form.get('id') or "'" in request.form.get('id'):
user_list = database.list_users()
user_table = zip(range(1,
len(user_list) + 1), user_list,
[
x + y
for x, y in zip(["/delete_user/"] *
len(user_list), user_list)
])
return render_template("admin.html",
id_to_add_is_invalid=True,
users=user_table)
else:
database.add_user(request.form.get('id'), request.form.get('pw'))
return redirect(url_for("FUN_admin"))
else:
return abort(401)
def users(self):
users = database.list_users()
message = 'USERS :'
for user in users:
if self.name != user:
message += user + ' '
self.send_message(message.strip())
def FUN_login():
id_submitted = request.form.get("id").upper()
if (id_submitted in list_users()) and verify(id_submitted,
request.form.get("pw")):
session['current_user'] = id_submitted
return (redirect(url_for("FUN_root")))
def FUN_admin():
if session.get("current_user", None) == "ADMIN":
user_list = list_users()
user_table = zip(range(1, len(user_list)+1),\
user_list,\
[x + y for x,y in zip(["/delete_user/"] * len(user_list), user_list)])
return render_template("admin.html", users = user_table)
else:
return abort(401)
def FUN_admin():
if session.get("current_user", None) == "ADMIN":
user_list = list_users()
all_fields = user_db_all_fields(
) # Added this to access all fields of user db, here all_fields[0] is same as user_list
user_table = zip(range(1, len(user_list)+1),\
user_list,\
[x + y for x,y in zip(["/delete_user/"] * len(user_list), user_list)], all_fields[2])
return render_template("admin.html", users=user_table)
else:
return abort(401)
def FUN_login():
id_submitted = request.form.get("id").upper()
if (id_submitted in list_users()) and verify(id_submitted,
request.form.get("pw")):
session['current_user'] = id_submitted
return (redirect(url_for("welcome")))
else:
#return(redirect(url_for("FUN_root")))
return render_template("index.html", wrong_id_pass=True)
def FUN_register_user():
if request.form.get('id').upper() in list_users():
user_list = list_users()
user_table = zip(range(1, len(user_list)+1),\
user_list,\
[x + y for x,y in zip(["/delete_user/"] * len(user_list), user_list)])
return (render_template("index.html",
id_to_add_is_duplicated=True,
users=user_table))
if " " in request.form.get('id') or "'" in request.form.get('id'):
user_list = list_users()
user_table = zip(range(1, len(user_list)+1),\
user_list,\
[x + y for x,y in zip(["/delete_user/"] * len(user_list), user_list)])
return (render_template("index.html",
id_to_add_is_invalid=True,
users=user_table))
else:
add_user(request.form.get('id'), request.form.get('pw'))
return (redirect(url_for("FUN_root")))
def get_users():
users = list_users()
return render_template('users_list.html', theusers=users)
def check_database_init():
res = db.list_users()
print(res)
import sys
import os
sys.path.insert(0, os.path.abspath("libraries"))
import database
print database.list_users()
print database.login('test', 'test')
